Consider this use case:
You have a role provider, that looks up users and their roles in an external source (say LDAP or Sakai or some other system).
This role provider implements findRoles(). Say you want to add permissions to a specific user to an event or series ACL.
So you add the role ROLE_USER_SOMEONE (which the UI won't currently let you do, but that should be fixed in ).
So to verify that ROLE_USER_SOMEONE exists, the findRole() methods of the RoleProviders are called.
The UserIdRoleProvider should be responsible for confirming if ROLE_USER_SOMEONE is valid, by calling findUsers("ROLE_USER_SOMEONE", ...) from UserAndRoleDirectoryServiceImpl.java, and if there's match, then return ROLE_USER_SOMEONE (indicating a valid user in some provider).
Note that ROLE_USER_SOMEONE may never have logged into Opencast and may be an external user from a very large set of possible external users.
Implementation of this is dependent on (for UI concerns) and has a pending PR touching this code.